Full_Name: julien soula Version: 2.4.39 OS: URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (194.254.117.28) Hi, this is related to ITS#6508. I don't think that the supplied patch is enough to fix the bug. When the last "member" entry is dangling then "( j - i == 1 )" is true and the loop is broken without reducing a_numvals. So I propose this patch : --- servers/slapd/overlays/memberof.c.orig 2014-07-09 21:17:14.487296363 +0200 +++ servers/slapd/overlays/memberof.c 2014-07-09 21:31:44.071565223 +0200 @@ -596,6 +596,7 @@ ber_memfree( a->a_nvals[ i ].bv_val ); BER_BVZERO( &a->a_nvals[ i ] ); } + a->a_numvals--; if ( j - i == 1 ) { break; } @@ -607,7 +608,6 @@ sizeof( struct berval ) * ( j - i ) ); } i--; - a->a_numvals--; } } Best regards, Julien
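Review bot: In the first hunk, with `a->a_numvals--;` now placed ahead of `if ( j - i == 1 ) { break; }`, dropping an attribute's only value takes `a_numvals` to 0 and leaves an array whose first slot is already zeroed. Nothing in the visible lines handles an attribute left with no values, so please confirm the code after the loop copes with that or removes the attribute. A short comment above the decrement saying it must precede the early break would also help keep the two from being reordered again, since the second hunk only deletes the old decrement after `i--;`.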
jsoula@univ-lille2.fr wrote: > Full_Name: julien soula > Version: 2.4.39 > OS: > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (194.254.117.28) > > > Hi, > > this is related to ITS#6508. I don't think that the supplied patch is enough to > fix the bug. > > When the last "member" entry is dangling then "( j - i == 1 )" is true and the > loop is broken without reducing a_numvals. Looks like you're right. Committed to master, thanks. > > So I propose this patch : > > --- servers/slapd/overlays/memberof.c.orig 2014-07-09 21:17:14.487296363 > +0200 > +++ servers/slapd/overlays/memberof.c 2014-07-09 21:31:44.071565223 +0200 > @@ -596,6 +596,7 @@ > ber_memfree( a->a_nvals[ i > ].bv_val ); > BER_BVZERO( &a->a_nvals[ i ] ); > } > + a->a_numvals--; > if ( j - i == 1 ) { > break; > } > @@ -607,7 +608,6 @@ > sizeof( struct berval ) > * ( j - i ) ); > } > i--; > - a->a_numvals--; > } > } > > > > Best regards, > Julien > > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
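A simplified model of the ordering problem described in the report, added here as an illustration and not taken from memberof.c: `struct attr`, `is_dangling` and `count_mismatch` are hypothetical stand-ins, and the values beginning with `!` are constructed to play the dangling members.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for an attribute: NULL-terminated value array plus a separate
 * count, mirroring a_vals / a_numvals in the patch. Not OpenLDAP code. */
struct attr {
    const char *vals[8];
    unsigned numvals;
};

/* Hypothetical lookup: a constructed value is "dangling" if it starts with '!'. */
static int is_dangling(const char *v) { return v[0] == '!'; }

/* Drop dangling values in place. patched=1 decrements the count before the
 * early break (the proposed ordering); patched=0 decrements after the shift. */
static void drop_dangling(struct attr *a, int patched)
{
    int i, j;
    for (i = 0; a->vals[i] != NULL; i++) {
        if (!is_dangling(a->vals[i])) continue;
        for (j = i + 1; a->vals[j] != NULL; j++) ;   /* j = index of terminator */
        a->vals[i] = NULL;
        if (patched) a->numvals--;
        if (j - i == 1) break;                        /* dropped value was the last */
        /* shift the tail, terminator included, down by one slot */
        memmove(&a->vals[i], &a->vals[i + 1], sizeof(a->vals[0]) * (j - i));
        i--;
        if (!patched) a->numvals--;
    }
}

/* Returns stored count minus the number of values actually left (0 = consistent). */
static int count_mismatch(const char *const *in, int patched)
{
    struct attr a;
    unsigned n, live = 0;
    memset(&a, 0, sizeof a);
    for (n = 0; in[n] != NULL; n++) a.vals[n] = in[n];
    a.numvals = n;
    drop_dangling(&a, patched);
    while (a.vals[live] != NULL) live++;
    return (int)a.numvals - (int)live;
}

/* Constructed sample inputs. */
static const char *const LAST_DANGLING[] = { "cn=a", "cn=b", "!cn=gone", NULL };
static const char *const MID_DANGLING[]  = { "cn=a", "!cn=gone", "cn=b", NULL };

int main(void)
{
    printf("last dangling, old order: %d\n", count_mismatch(LAST_DANGLING, 0));
    printf("last dangling, new order: %d\n", count_mismatch(LAST_DANGLING, 1));
    printf("mid dangling,  old order: %d\n", count_mismatch(MID_DANGLING, 0));
    return 0;
}
```

Only the case where the dropped value is the last one in the array leaves the stored count one higher than the array contents under the old ordering.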
changed notes changed state Open to Test moved from Incoming to Software Bugs
fixed in master fixed in RE25 fixed in RE24
changed notes changed state Test to Closed